In the following sections, sample policy is presented to address some different security goals in X. Some assumptions are made in the policy fragments:

Some type definitions and other statements are omitted to save space.

Window objects are labeled directly with the owning process domain.

The configuration file that maps extension and property names to the associated types is not shown.

The policy fragments are meant to be examples and are not comprehensive. As with all SELinux policy, all actions not explicitly allowed are denied. The examples thus consist of allow rules expressing the actions which we wish to permit.